An in-depth discussion on cyber risks with Louis Theroux

A 2022 IBM security report revealed a surge in various cyberattacks between 2020-2021 and, according to Cybersecurity Ventures, it is estimated that, worldwide, cybercrimes will cost $10.5 trillion annually by 2025.

Theroux himself was a victim of a hacking scandal back in 2018, by someone who was trying to prove a point around Twitter security. “It was a weird one … a tweet appeared in the name of my account that I hadn’t actually written … It was coming from a place of wanting to educate people [so] I didn’t feel profoundly upset … I was confused by it. It didn’t feel particularly nice,” said Theroux.

As humans, trust is foundational to our existence and once that trust has been broken or violated then it becomes hard to re-establish it.

“I think that trust is something that’s really, really hard,” notes Reed. “[Trust] is not the bouncy castle that it was when we were younger on the Internet. Now, you invent something, and it can easily be used against you.”

The harder part is, knowing who to trust in the first place. How do you trust the vendors that you’re using? How do you trust that they are stewarding your data in an appropriate way? How do you even know if that trust has been broken, or if there’s a defect in the system?

“There’s a lot of focus right now on supply chain risk – more and more functions are moving into the Cloud and third-party hosted solutions and we’re at the point where we’re really starting to outsource more of our trust,” notes Ferguson.

But the problem is that, unfortunately, these types of trust-based organisations are targets for hackers intent on disrupting that trust.

“The thing that I’m most worried about is the software practices that we have all created over the last 10 years,” said Reed. “We have created an environment where we are all reliant on this wonderful world of the Internet with open-source software etc. And that’s great, but the downside is [with open-source] you never know what’s going to happen.”

In fact, an incident last December with Log4j, an open-source Apache logging framework, aptly highlights this issue. This logging platform was widely used and was embedded in lots of different applications. It had a security nightmare when a bug was discovered which could easily have been exploited to take control of systems remotely. As security experts were rushing to fix the problem, hackers were already developing tools that could automatically exploit the bug. And seeing as it was open-source, it affected everyone from Cloud Edge providers to social media to Minecraft.

“It’s the risk of the unknown,” said Ferguson. “You don’t know unless you tear [the] code apart.”

Speaking on the other side of the fence, Love identified himself as someone who was a hacker.

“I think it’s just a mindset,” Love says. “I had a little home computer when I was growing up and, playing games, I realised that I could print out the instructions. If I didn’t like it when my little character met [another] little character, I could … make it so I got to the next level.

“So, it’s always been an extrapolation of that. Sometimes it’s landed me in some interesting situations.”

Love’s interest in programming eventually led him to get involved with the notorious hacking collective known as Anonymous. They are primarily known for cyberattacks against governments, government institutions, government agencies and various corporations.

At one point, the US actively attempted to extradite Love in order to put him on trial.

“I think I have the dubious privilege of being the only person to be attempted to be extradited by three different states in parallel,” said Love.

Overall, the panel noted that there has been a growing awareness on the consumer end that their data can be accessed and used towards them. But we’ve only just scratched the surface. As more connected Internet of Things (IoT) devices join the network then “the whole paradigm is going to turn on its head,” Ferguson summarised. We may not even be able to see or predict the problems we’re going to experience.